[cap-talk] Terminology and soap box (was: Objects and Facets)

[David Hopwood]

Karp, Alan H wrote:
> Jed wrote:
> 
>>As you can see, for me the "object" is whatever the capability
>>grants permission to access.
>  
> I particularly like this wording because it covers more general cases.

I don't like it because it's too general. What does the capability
grant permission to access, vs authority to access? The distinction
between "permission" and "authority" is that a capability grants
permission to invoke the object that it directly designates, while it
may grant authority to other objects that are indirectly referenced.

However, if this approach is taken then there is a circular dependency
between the definitions of "permission" and "object". To break the
circularity, we need to say that a capability only grants permission to
invoke a single interface. Jed agreed to this constraint:

# I wrote:
# > Can a capability/reference permit access to more
# > than one invokable interface?
#
# No.  The capability is the unit of invokable interface.  By definition.

but it is not captured either by the above definition of "object", or
by Jed's definition of "capability" as a "communicable unit of permission".
It *is* captured by my points #1 to #7.

> We generally think of the message being sent to the thing access is
> being granted to, but that is necessarily something active.

Why? A tuple, say, is not normally considered to be active.

> In some systems, we can think of the capability as a reference to something
> static, such as a file.  In that case, the message is delivered to some
> active entity that handles the request as if the file were an active
> object.

That is an implementation detail. The wording I suggested in
<http://www.eros-os.org/pipermail/cap-talk/2006-August/005570.html> does
not exclude any reasonable implementation (modulo a minor fix needed to
point #6).

-- 
David Hopwood <david.nospam.hopwood at blueyonder.co.uk>